Vulnerabilities > Carrcommunications

DATE CVE VULNERABILITY TITLE RISK
2024-11-04 CVE-2024-50531 Unrestricted Upload of File with Dangerous Type vulnerability in Carrcommunications Rsvpmaker
Unrestricted Upload of File with Dangerous Type vulnerability in David F.
network
low complexity
carrcommunications CWE-434
critical
9.8
2023-12-29 CVE-2023-25054 Code Injection vulnerability in Carrcommunications Rsvpmaker
Improper Control of Generation of Code ('Code Injection') vulnerability in David F.
network
low complexity
carrcommunications CWE-94
critical
9.8
2023-11-03 CVE-2023-41652 SQL Injection vulnerability in Carrcommunications Rsvpmaker
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F.
network
low complexity
carrcommunications CWE-89
critical
9.8
2023-10-31 CVE-2023-25045 SQL Injection vulnerability in Carrcommunications Rsvpmaker
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F.
network
low complexity
carrcommunications CWE-89
7.2
2023-10-31 CVE-2023-25047 SQL Injection vulnerability in Carrcommunications Rsvpmaker
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F.
network
low complexity
carrcommunications CWE-89
7.2
2023-09-27 CVE-2023-27616 Cross-site Scripting vulnerability in Carrcommunications Rsvpmaker
Unauth.
network
low complexity
carrcommunications CWE-79
6.1
2023-09-27 CVE-2023-27617 Cross-site Scripting vulnerability in Carrcommunications Rsvpmaker
Auth.
network
low complexity
carrcommunications CWE-79
4.8
2023-07-10 CVE-2023-29095 SQL Injection vulnerability in Carrcommunications Rsvpmaker
Auth.
network
low complexity
carrcommunications CWE-89
7.2
2022-06-13 CVE-2022-1768 Unspecified vulnerability in Carrcommunications Rsvpmaker
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file.
network
low complexity
carrcommunications
7.5
2022-05-10 CVE-2022-1453 SQL Injection vulnerability in Carrcommunications Rsvpmaker 7.3.9/7.5.3
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file.
network
low complexity
carrcommunications CWE-89
7.5